Privacy Policy
Last updated: April 10, 2025
At Gradiant Ascent, the privacy and security of your information are our highest priority. We've engineered our systems from the ground up with privacy-by-design principles and cutting-edge encryption technology. This Privacy Policy details how we collect, use, protect, and handle your personal information and protected health information (PHI) when you use our services.
HIPAA Compliance Commitment
Gradiant Ascent is fully committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA) and all related regulations. As a healthcare technology provider, we implement all required administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI.
For healthcare providers using our platform, we execute Business Associate Agreements (BAAs) that clearly outline our respective responsibilities regarding the protection of PHI. Our entire platform is subjected to regular third-party HIPAA compliance audits to ensure we meet or exceed all statutory requirements.
Information We Collect
We collect information that you provide directly to us, including:
- Account information (name, email, professional credentials)
- Authentication credentials (securely stored)
- Therapy session content and communications
- Billing and payment information
- Usage data and platform analytics
- Technical information about your devices and connection
For healthcare providers, we may collect protected health information (PHI) about your clients. This information is always encrypted using our advanced security measures described below.
Advanced Security Architecture
Our platform implements multiple layers of security and encryption:
- Fully Homomorphic Encryption (FHE): The cornerstone of our security architecture, FHE allows our AI systems to analyze and process your data while it remains fully encrypted. This means your sensitive information is never exposed in an unencrypted form, even during processing.
- Client-Side Encryption: All data is encrypted on your device before transmission to our servers, ensuring data is protected from the moment it leaves your device.
- End-to-End Encryption: Communications between users are encrypted end-to-end, meaning only the intended recipients can decrypt and view the content.
- HIPAA-Compliant Data Storage: All stored data uses AES-256-GCM encryption with secure key management and regular key rotation.
- Zero-Knowledge Architecture: Our systems are designed so that we technically cannot access your unencrypted data, even if compelled to do so.
How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process transactions and send related information
- Authenticate users and protect against unauthorized access
- Generate anonymized, aggregated analytics about service usage
- Comply with legal obligations, including HIPAA requirements
- Detect and prevent security incidents and fraudulent activity
- Send technical notices, updates, security alerts, and administrative messages
- Respond to your comments, questions, and requests
- Develop new products and services that may be of interest to you
Information Sharing and Disclosure
Due to our zero-knowledge encryption architecture, we technically cannot access your data in a decrypted form. We do not sell, trade, or otherwise transfer your personally identifiable information or PHI to outside parties except in the following limited circumstances:
- With Your Explicit Consent: We will share your information with third parties only when you have authorized us to do so.
- Service Providers: We may share information with trusted third parties who assist us in operating our website, conducting our business, or providing services to you, as long as these parties agree to keep this information confidential and secure. All such parties sign BAAs when they may encounter PHI.
- Legal Requirements: We may disclose information when required by law, such as in response to a subpoena, court order, or other legal process. However, due to our encryption architecture, we may only be able to provide encrypted data that cannot be decrypted without your keys.
- Business Transfers: If Gradiant Ascent is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or prominent notice on our website of any change in ownership or uses of your information, as well as any choices you may have regarding your information.
Data Retention and Deletion
We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. For PHI, we follow HIPAA-mandated retention periods.
When you delete your account, we initiate a secure deletion process that permanently removes your personal data from our systems within 30 days. Due to our encryption architecture, deleted data cannot be recovered once this process is complete.
Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
- Access and Portability: You can access and export your data at any time through your account settings.
- Correction: You can update or correct your personal information through your account settings.
- Deletion: You can request deletion of your account and personal information.
- Objection and Restriction: You can object to or request restriction of processing of your personal information.
- Consent Withdrawal: You can withdraw consent for processing where consent is the basis for processing.
For healthcare providers, we have implemented tools to help you fulfill data subject access requests from your clients in compliance with applicable regulations.
Security Incident Response
In the unlikely event of a security breach, we maintain a comprehensive Security Incident Response Plan that includes:
- Prompt notification to affected users as required by law
- Thorough investigation and remediation of the incident
- Coordination with law enforcement when appropriate
- Implementation of measures to prevent similar incidents
For breaches involving PHI, we follow all HIPAA Breach Notification Rule requirements, including notifications to affected individuals, the Department of Health and Human Services, and, when required, the media.
International Data Transfers
Gradiant Ascent is based in the United States, and the information we collect is governed by U.S. law. If you are accessing our services from outside the United States, please be aware that information collected through our platform may be transferred to, processed, stored, and used in the U.S. and other jurisdictions.
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we comply with applicable data protection laws when transferring your personal information outside these regions. Our homomorphic encryption technology provides additional protection for such transfers, as transferred data remains encrypted and inaccessible to unauthorized parties.
Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us so that we can delete such information.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make material changes to this Privacy Policy, we will notify you by email, through our application, or by posting a notice on our website prior to the changes becoming effective. Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the revised Privacy Policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Data Protection Officer at:
Email: privacy@gradiantascent.com
Phone: +1-800-123-4567
Address: 123 Encryption Way, Suite 256
Secure City, CA 94000
United States
For HIPAA-related inquiries, please contact our HIPAA Privacy Officer at hipaa@gradiantascent.com.